AgentReadyHomeAgent Listing

← ccusage

ccusage — agentic threat model

5.8AIVSS 5.8 · Medium

ccusage is a low-risk, deterministic local utility for tracking Claude Code token usage. Its primary security risks are local, stemming from potential log injection vulnerabilities or dependency compromises within the developer's local environment.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.1AARS uplift 0.31Factor sum 0.8/10Threat ×1.0Mitigation ×0.9
Autonomy of Action
0.10
Goal-Driven Planning
0.00
Self-Modification
0.00
Dynamic Tool Use
0.10
Persistent Memory
0.10
Contextual Awareness
0.20
Dynamic Identity
0.00
Multi-Agent Interactions
0.20
Non-Determinism
0.00
Opacity & Reflexivity
0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The tool itself is a local script that reads JSONL logs and does not appear to directly run or query a foundation model, though it integrates with Claude Code which does.

L2 · Data Operations✓ mapped

Reads local Claude Code JSONL usage logs. Threat includes reading malformed or maliciously crafted JSONL transcripts (log injection) which could lead to parsing vulnerabilities or path traversal if log paths are manipulated.

L3 · Agent Frameworks✓ mapped

Exposes a `ccusage statusline` command designed to be wired into Claude Code's statusLine hook. Vulnerabilities in the hook integration or command execution could allow local command injection or execution of arbitrary code if the statusline hook is compromised.

L4 · Deployment & Infrastructure✓ mapped

Runs locally on the user's machine. The primary threat is local privilege escalation or unauthorized local file access if the script is run with elevated privileges or if its dependencies are compromised.

L5 · Evaluation & Observability✓ mapped

Acts as an observability tool tracking token usage and costs. Threats include evasion of cost tracking via manipulated logs, or inaccurate reporting due to log tampering, leading to unexpected API billing.

L6 · Security & Compliance (cross-cutting)✓ mapped

Operates locally without requiring API keys, reducing credential exposure. However, there is no explicit mention of access controls or input validation on the JSONL files it parses.

L7 · Agent Ecosystem✓ mapped

Commonly embedded in other statusline plugins and integrates with Claude Code. A compromise in this tool could propagate to other statusline plugins or the broader Claude Code environment.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).